From: Florent Bruneau
Date: Sun, 22 Jun 2008 13:13:33 +0000 (+0200)
Subject: Bye xorg.misc.inc.php
X-Git-Tag: core/1.0.0~74
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=f70f2bcdc077c220e40ecebaf569e097f6028743;p=platal.git
Bye xorg.misc.inc.php
Signed-off-by: Florent Bruneau
---
diff --git a/include/xorg.misc.inc.php b/core/include/misc.inc.php
similarity index 73%
rename from include/xorg.misc.inc.php
rename to core/include/misc.inc.php
index dd3c70f..3cd88c8 100644
--- a/include/xorg.misc.inc.php
+++ b/core/include/misc.inc.php
@@ -254,123 +254,5 @@ function uint_to_ip($uint) return long2ip($uint); } - -/****************************************************************************** - * Security functions - *****************************************************************************/ - -function check_ip($level) -{ - if (empty($_SERVER['REMOTE_ADDR'])) { - return false; - } - if (empty($_SESSION['check_ip'])) { - $ips = array(); - if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); - } - $ips[] = $_SERVER['REMOTE_ADDR']; - foreach ($ips as &$ip) { - $ip = '(ip & mask) = (' . ip_to_uint($ip) . '& mask)'; - } - $res = XDB::query('SELECT state, description - FROM ip_watch - WHERE ' . implode(' OR ', $ips) . ' - ORDER BY state DESC'); - if ($res->numRows()) { - $state = $res->fetchOneAssoc(); - $_SESSION['check_ip'] = $state['state']; - $_SESSION['check_ip_desc'] = $state['description']; - } else { - $_SESSION['check_ip'] = 'safe'; - } - } - $test = array(); - switch ($level) { - case 'unsafe': $test[] = 'unsafe'; - case 'dangerous': $test[] = 'dangerous'; - case 'ban': $test[] = 'ban'; break; - default: return false; - } - return in_array($_SESSION['check_ip'], $test); -} - -function check_email($email, $message) -{ - $res = XDB::query("SELECT state, description - FROM emails_watch - WHERE state != 'safe' AND email = {?}", $email); - if ($res->numRows()) { - send_warning_mail($message); - return true; - } - return false; -} - -function check_account() -{ - return S::v('watch_account'); -} - -function check_redirect($red = null) -{ - require_once 'emails.inc.php'; - if (is_null($red)) { - $red = new Redirect(S::v('uid')); - } - if ($red->get_uid() == S::v('uid')) { - $_SESSION['no_redirect'] = !$red->other_active(''); - $_SESSION['mx_failures'] = $red->get_broken_mx(); - } -} - -function send_warning_mail($title) -{ - global $globals; - $mailer = new PlMailer(); - $mailer->setFrom("webmaster@" . 
$globals->mail->domain); - $mailer->addTo($globals->core->admin_email); - $mailer->setSubject("[Plat/al Security Alert] $title"); - $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n" - ."Identifiants de connexion :\n" . var_export($_SERVER, true)); - $mailer->send(); -} - -function kill_sessions() -{ - assert(S::has_perms()); - shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh'); -} - - -/****************************************************************************** - * Dynamic configuration update/edition stuff - *****************************************************************************/ - -function update_NbIns() -{ - global $globals; - $res = XDB::query("SELECT COUNT(*) - FROM auth_user_md5 - WHERE perms IN ('admin','user') AND deces=0"); - $cnt = $res->fetchOneCell(); - $globals->changeDynamicConfig(array('NbIns' => $cnt)); -} - -function update_NbValid() -{ - global $globals; - $res = XDB::query("SELECT COUNT(*) - FROM requests"); - $globals->changeDynamicConfig(array('NbValid' => $res->fetchOneCell())); -} - -function update_NbNotifs() -{ - require_once 'notifs.inc.php'; - $n = select_notifs(false, S::i('uid'), S::v('watch_last'), false); - $_SESSION['notifs'] = $n->numRows(); -} - // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: ?> diff --git a/core/include/platal.inc.php b/core/include/platal.inc.php index 2fa6c8b..81f4068 100644 --- a/core/include/platal.inc.php +++ b/core/include/platal.inc.php @@ -21,6 +21,8 @@ $TIME_BEGIN = microtime(true); +require_once dirname(__FILE__) . '/misc.inc.php'; + define('PERMS_EXT', 'ext'); define('PERMS_USER', 'user'); define('PERMS_ADMIN', 'admin'); diff --git a/include/emails.inc.php b/include/emails.inc.php index 616fe0f..be0b6fd 100644 --- a/include/emails.inc.php +++ b/include/emails.inc.php 
@@ -19,8 +19,6 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once("xorg.misc.inc.php"); - define("SUCCESS", 1); define("ERROR_INACTIVE_REDIRECTION", 2); define("ERROR_INVALID_EMAIL", 3); diff --git a/include/marketing.inc.php b/include/marketing.inc.php index 88eac61..f397ad0 100644 --- a/include/marketing.inc.php +++ b/include/marketing.inc.php @@ -53,7 +53,6 @@ class Marketing private function getUser($uid, $email) { - require_once("xorg.misc.inc.php"); $res = XDB::query("SELECT FIND_IN_SET('femme', flags) AS sexe, nom, prenom, promo FROM auth_user_md5 WHERE user_id = {?}", $uid); @@ -287,7 +286,8 @@ class AnnuaireMarketing implements MarketingEngine public function getText(array $user) { - $page = new XorgPage('marketing/marketing.mail.tpl', NO_SKIN); + $page = new XorgPage(); + $page->changeTpl('marketing/marketing.mail.tpl', NO_SKIN); $this->prepareText($page, $user); return $page->raw(); } diff --git a/include/massmailer.inc.php b/include/massmailer.inc.php index 19996fe..a1d49f3 100644 --- a/include/massmailer.inc.php +++ b/include/massmailer.inc.php @@ -19,8 +19,6 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once("xorg.misc.inc.php"); - // {{{ class MassMailer abstract class MassMailer diff --git a/include/notifs.inc.php b/include/notifs.inc.php index 0bcf655..33ae8eb 100644 --- a/include/notifs.inc.php +++ b/include/notifs.inc.php @@ -54,7 +54,6 @@ function register_watch_op($uid, $cid, $date='', $info='') WHERE ni_id={?}', $uid); XDB::execute('DELETE FROM watch_nonins WHERE ni_id={?}', $uid); } - require_once 'xorg.misc.inc.php'; update_NbNotifs(); } diff --git a/include/userset.inc.php b/include/userset.inc.php index 7efd5c1..ab77c01 100644 --- a/include/userset.inc.php +++ b/include/userset.inc.php 
@@ -19,7 +19,6 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once('xorg.misc.inc.php'); require_once('user.func.inc.php'); global $globals; diff --git a/include/validations/nomusage.inc.php b/include/validations/nomusage.inc.php index 952c0c1..788d7c6 100644 --- a/include/validations/nomusage.inc.php +++ b/include/validations/nomusage.inc.php @@ -49,7 +49,6 @@ class UsageReq extends Validate parent::__construct($_uid, true, 'usage'); $this->nom_usage = $_usage; $this->reason = $_reason; - require_once 'xorg.misc.inc.php'; $this->alias = make_username($this->prenom, $this->nom_usage); if (!$this->nom_usage) $this->alias = ""; diff --git a/include/vcard.inc.php b/include/vcard.inc.php index a4366fc..cba4092 100644 --- a/include/vcard.inc.php +++ b/include/vcard.inc.php @@ -19,7 +19,6 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once('xorg.misc.inc.php'); require_once('user.func.inc.php'); class VCardIterator implements PlIterator diff --git a/include/xnet.inc.php b/include/xnet.inc.php index 823cb7a..fb24876 100644 --- a/include/xnet.inc.php +++ b/include/xnet.inc.php @@ -24,10 +24,9 @@ define('PL_SESSION_CLASS', 'XnetSession'); define('PL_PAGE_CLASS', 'XnetPage'); require_once dirname(dirname(__FILE__)) . '/core/include/platal.inc.php'; -require_once('xorg.misc.inc.php'); -require_once('globals.inc.php'); -require_once('xnet/session.inc.php'); -require_once('xnet/page.inc.php'); +require_once 'globals.inc.php'; +require_once 'xnet/session.inc.php'; +require_once 'xnet/page.inc.php'; function __autoload($cls) { diff --git a/include/xorg.inc.php b/include/xorg.inc.php index 849e018..0d46e8d 100644 --- a/include/xorg.inc.php +++ b/include/xorg.inc.php 
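Review bot: The xnet bootstrap in `include/xnet.inc.php` drops `xorg.misc.inc.php` without gaining a replacement for the helpers that left that file. `xorg.inc.php` now adds `require_once 'security.inc.php';` and defines `update_NbIns()`, `update_NbValid()` and `update_NbNotifs()` itself, while `xnet.inc.php` only loads `platal.inc.php` (and through it `misc.inc.php`). If code reachable from the xnet entry point calls `check_ip()`, `send_warning_mail()` or `update_NbNotifs()`, the request will stop on an undefined function instead of running the check; `register_watch_op()` in `include/notifs.inc.php` calls `update_NbNotifs()` and loses its own include in this commit. Either confirm no such path exists on the xnet side, or load the helpers there as well, e.g. `require_once 'security.inc.php';`.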
@@ -24,9 +24,9 @@ define('PL_SESSION_CLASS', 'XorgSession'); define('PL_PAGE_CLASS', 'XorgPage'); require_once dirname(dirname(__FILE__)) . '/core/include/platal.inc.php'; -require_once('xorg.misc.inc.php'); -require_once('globals.inc.php'); -require_once('xorg/session.inc.php'); +require_once 'security.inc.php'; +require_once 'globals.inc.php'; +require_once 'xorg/session.inc.php'; function __autoload($cls) { @@ -43,6 +43,37 @@ function __autoload($cls) } } +/****************************************************************************** + * Dynamic configuration update/edition stuff + *****************************************************************************/ + +function update_NbIns() +{ + global $globals; + $res = XDB::query("SELECT COUNT(*) + FROM auth_user_md5 + WHERE perms IN ('admin','user') AND deces=0"); + $cnt = $res->fetchOneCell(); + $globals->changeDynamicConfig(array('NbIns' => $cnt)); +} + +function update_NbValid() +{ + global $globals; + $res = XDB::query("SELECT COUNT(*) + FROM requests"); + $globals->changeDynamicConfig(array('NbValid' => $res->fetchOneCell())); +} + +function update_NbNotifs() +{ + require_once 'notifs.inc.php'; + $n = select_notifs(false, S::i('uid'), S::v('watch_last'), false); + $_SESSION['notifs'] = $n->numRows(); +} + + + // {{{ class XorgPage class XorgPage extends PlPage diff --git a/modules/admin.php b/modules/admin.php index f6ef19d..b4c8137 100644 --- a/modules/admin.php +++ b/modules/admin.php @@ -583,7 +583,6 @@ class AdminModule extends PLModule $page->trigSuccess("updaté correctement."); } if (Env::v('nomusageN') != $mr['nom_usage']) { - require_once "xorg.misc.inc.php"; set_new_usage($mr['user_id'], Env::v('nomusageN'), make_username(Env::v('prenomN'), Env::v('nomusageN'))); } if (Env::v('decesN') != $mr['deces']) { diff --git a/modules/carnet.php b/modules/carnet.php index 18ec3dd..345d56d 100644 --- a/modules/carnet.php +++ b/modules/carnet.php 
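Review bot: `require_once 'security.inc.php';` in the first `include/xorg.inc.php` hunk names a file that this patch neither creates nor modifies. Nothing visible here shows that `check_ip()`, `check_email()`, `check_account()`, `check_redirect()`, `send_warning_mail()` and `kill_sessions()`, all deleted from `misc.inc.php` in the first hunk, are still defined after the commit, so it is worth confirming the file already exists with those definitions. The include is also resolved through `include_path`, unlike the `platal.inc.php` line above it, which is anchored with `dirname(dirname(__FILE__))`. For the file that carries the IP and account watch checks, an anchored path removes any doubt about which copy is loaded, e.g. `require_once dirname(__FILE__) . '/security.inc.php';` if it sits beside `xorg.inc.php`.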
@@ -329,7 +329,6 @@ class CarnetModule extends PLModule if (!$uid) { $uid = S::i('uid'); } else if ($uid != S::i('uid')) { - require_once 'xorg.misc.inc.php'; send_warning_email("Récupération d\'un autre utilisateur ($uid)"); } } else if (!$uid) { diff --git a/modules/marketing.php b/modules/marketing.php index 0500fe1..8cb7bbe 100644 --- a/modules/marketing.php +++ b/modules/marketing.php @@ -261,7 +261,6 @@ class MarketingModule extends PLModule $page->assign('promo', $promo); if (Post::has('valide')) { - require_once('xorg.misc.inc.php'); $email = trim(Post::v('mail')); if (!isvalid_email_redirection($email)) { diff --git a/modules/payment/money/cyberpaiement.inc.php b/modules/payment/money/cyberpaiement.inc.php index 407fa18..c79935c 100644 --- a/modules/payment/money/cyberpaiement.inc.php +++ b/modules/payment/money/cyberpaiement.inc.php @@ -55,7 +55,6 @@ class CyberPayment $name = $req->fetchOneCell(); // on constuit la reference de la transaction - require_once 'xorg.misc.inc.php'; $prefix = ($pay->flags->hasflag('unique')) ? str_pad("",15,"0") : rand_url_id(); $fullref = substr("$prefix-xorg-{$pay->id}",-15); diff --git a/modules/payment/money/paypal.inc.php b/modules/payment/money/paypal.inc.php index 48e740f..e1b4d0f 100644 --- a/modules/payment/money/paypal.inc.php +++ b/modules/payment/money/paypal.inc.php @@ -89,7 +89,6 @@ class PayPal $this->infos['client'] = array_map('replace_accent', array_merge($info_client, $res->fetchOneAssoc())); // on constuit la reference de la transaction - require_once 'xorg.misc.inc.php'; $prefix = ($pay->flags->hasflag('unique')) ? str_pad("",15,"0") : rand_url_id(); $fullref = substr("$prefix-xorg-{$pay->id}",-15); diff --git a/modules/profile.php b/modules/profile.php index f8bf90c..b6cd695 100644 --- a/modules/profile.php +++ b/modules/profile.php 
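Review bot: In the `modules/carnet.php` hunk, the context line after the removed include calls `send_warning_email(...)`, but the helper deleted from `misc.inc.php` earlier in this patch is named `send_warning_mail()`. Unless a function with the `_email` name is defined elsewhere, the branch taken when `$uid != S::i('uid')` ends in a fatal error and no security alert is sent. The mismatch is in a context line, so it predates this commit, but the commit already touches this call's include and is a good place to fix it: `send_warning_mail("Récupération d'un autre utilisateur ($uid)");`. That form also drops the `\'`, which in the current double-quoted string puts a literal backslash in the mail subject. The enclosing method starts and ends outside the hunk.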
@@ -447,7 +447,6 @@ class ProfileModule extends PLModule $page->changeTpl('profile/orange.tpl'); require_once 'validations.inc.php'; - require_once 'xorg.misc.inc.php'; $res = XDB::query( "SELECT u.promo, u.promo_sortie @@ -644,7 +643,6 @@ class ProfileModule extends PLModule $page->changeTpl('profile/nomusage.tpl'); require_once 'validations.inc.php'; - require_once 'xorg.misc.inc.php'; $res = XDB::query( "SELECT u.nom, u.nom_usage, u.flags, e.alias diff --git a/modules/profile/page.inc.php b/modules/profile/page.inc.php index 7af2fef..433947e 100644 --- a/modules/profile/page.inc.php +++ b/modules/profile/page.inc.php @@ -68,7 +68,6 @@ class ProfileEmail extends ProfileNoSave return isset($page->values[$field]) ? $page->values[$field] : S::v($field); } $value = trim($value); - require_once 'xorg.misc.inc.php'; $success = empty($value) || isvalid_email($value); if (!$success) { Platal::page()->trigError('Adresse Email invalide'); diff --git a/modules/register/register.inc.php b/modules/register/register.inc.php index 585200a..e1a98c9 100644 --- a/modules/register/register.inc.php +++ b/modules/register/register.inc.php @@ -19,8 +19,6 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once 'xorg.misc.inc.php'; - // {{{ function user_cmp function user_cmp($prenom, $nom, $_prenom, $_nom) @@ -151,7 +149,6 @@ function create_aliases (&$sub) global $globals; extract ($sub); - require_once "xorg.misc.inc.php"; $mailorg = make_username($prenom, $nom); $mailorg2 = $mailorg.sprintf(".%02u", ($promo%100)); $forlife = make_forlife($prenom, $nom, $promo); diff --git a/modules/search/classes.inc.php b/modules/search/classes.inc.php index 429d09b..db5a414 100644 --- a/modules/search/classes.inc.php +++ b/modules/search/classes.inc.php 
@@ -19,8 +19,6 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once("xorg.misc.inc.php"); - // {{{ Global variables used for the search Queries @$globals->search->result_fields = ' diff --git a/modules/xnetgrp.php b/modules/xnetgrp.php index 596a0a1..543c8d3 100644 --- a/modules/xnetgrp.php +++ b/modules/xnetgrp.php @@ -699,7 +699,6 @@ class XnetGrpModule extends PLModule $page->trigError($email." n'est pas un alias polytechnique.org valide."); } } else { - require_once 'xorg.misc.inc.php'; if (isvalid_email($email)) { if (Env::v('x') && Env::has('userid') && Env::i('userid')) { $uid = Env::i('userid');